Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Apple Users Become the Latest Targets of MFA Attacks

A new string of multi-factor authentication (MFA) attacks targeting the reset of Apple IDs seem to be popping up in a likely attempt to steal the victim’s digital identity and more.
Continue Reading

IT Leaders Can’t Stop AI and Deepfake Scams as They Top the List of Most Frequent Attacks

New data shows that the attacks IT feels most inadequate to stop are the ones they’re experiencing the most.
Continue Reading

Malicious App Impersonates McAfee to Distribute Malware Via Text and Phone Calls

A trojanized version of the McAfee Security app is installing the Android banking Trojan “Vultur,” according to researchers at Fox-IT. The attackers are spreading links to the malicious ...
Continue Reading

New Report Shows Phishing Links and Malicious Attachments Are The Top Entry Points of Cyber Attacks

New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk.
Continue Reading

Despite Cybersecurity Improvements in UK Organizations, Attacks Still Persist

The UK government's third phase of research shows how well UK organizations have been improving their cybersecurity efforts but indicates that the risk from certain attacks have only been ...
Continue Reading

Thread Hijacking Phishing Attack Targets Pennsylvania Journalist

A journalist in Pennsylvania was targeted by phishing attacks that involved thread hijacking, according to Brian Krebs at KrebsOnSecurity.
Continue Reading

Russian Federation-backed threat group APT29 Now Targeting German Political Parties

New analysis of APT29’s (aka Cozy Bear) activities and their association with Russia’s Foreign Intelligence Service (SVR) has revealed suspected attempts to collect political intelligence.
Continue Reading

Narwhal Spider Threat Group Behind New Phishing Campaign Impersonating Reputable Law Firms

Using little more than a well-known business name and a invoice-related PDF, the “NaurLegal” phishing campaign aims at installing malware trojans.
Continue Reading

New Malware Loader Delivers Agent Tesla Remote Access Trojan Via Phishing

A new malware loader is delivering the Agent Tesla remote access Trojan (RAT), according to researchers at Trustwave SpiderLabs. The malware is distributed by phishing emails with ...
Continue Reading

The Number of New Pieces of Malware Per Minute Has Quadrupled in Just One Year

The threat of novel malware is growing exponentially, making it more difficult for security solutions to identify attachments and links to files as being malware.
Continue Reading

A Simple 'Payment is Underway' Phishing Email Downloads RATs from AWS, GitHub

Analysis of a new initial access malware attack shows how simple these attacks can be while also proving that malware can reside on legitimate repositories.
Continue Reading

New Phishing-as-a-Service Kit Attempts to Bypass MFA

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its ...
Continue Reading

The Average Malicious Website Exists for Less Than 10 Minutes

A new Chrome update brings to light Google findings about malicious websites that have serious implications on detecting malicious links, spoofed brands and the use of legitimate web ...
Continue Reading

There Is Only So Much Lipstick You Can Put on a Cybercriminal Troll

The one thing I love about our annual conference in Orlando, KB4-CON, is its thought-provoking nature. Year after year, the events team manages to keep a fine balance between product ...
Continue Reading

FBI: Losses Due to Cybercrime Jump to $12.5 Billion as Phishing Continues to Dominate

The FBI’s Internet Crime Complaint Center (IC3) newly-released Internet Crimes Report provides an unbiased big picture of the cyber crimes that were the most used and most successful.
Continue Reading

Social Engineering The #1 Root Cause Behind Most Cyber Crimes In FBI Report

The following paragraphs were cited directly from my recent article highlighting social engineering. "Social engineering and phishing are involved in 70% to 90% of all successful ...
Continue Reading

Ransomware Group “RA World” Changes Its’ Name and Begins Targeting Countries Around the Globe

The threat group "RA World" (formerly RA Group) has shifted from country-specific ransomware attacks to include specific industries via a new - not previously seen - method of extortion.
Continue Reading

[Heads-Up] Phishing Campaign Delivers VCURMS RAT

Researchers at Fortinet are tracking a phishing campaign that’s distributing a new version of the VCURMS remote access Trojan (RAT).
Continue Reading

Phishing Tops 2023’s Most Common Cyber Attack Initial Access Method

New analysis shows that the combination of phishing, email, remote access, and compromised accounts are the focus for most threat actors.
Continue Reading

State-Sponsored Russian Phishing Campaigns Target a Variety of Industries

Researchers at IBM X-Force are monitoring several ongoing phishing campaigns by the Russian state-sponsored threat actor ITG05 (also known as “APT28” or “Fancy Bear”). APT28 has been tied ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews